The Office of Personnel Management has 70 terabits of stored data that it plans to use for behavioral analysis.

“We spent a lot of money to get those logged files,” said Clif Triplett, senior cyber information technology adviser for OPM. “We want to try to harvest the value.”

Clifton Triplett, Senior Cyber and Information Technology Advisor, Office of Personnel Management, speaks on CSIP and CNAP: Driving Next-Gen Cyber Strategies for Agencies at MeriTalk's Palo Alto Networks Federal Forum.
Clifton Triplett of OPM, shown at the Sept. 2 Palo Alto Networks Federal Forum, says, “We have all this data. We have to think about how we manage it.” (Photo: MeriTalk)

One of OPM’s cybersecurity initiatives allows for intelligence across Federal agencies to be put into the same signature files for OPM to store. OPM uses this data and notifies the agencies if it detects an internal threat. Triplett said OPM wants to make use of big data to understand how human behavior relates to cybersecurity threats, which depends on comprehensive data analytics.

“We have all this data,” Triplett said. “We have to think about how we manage it.”

OPM is also working on data masking high-value assets, which will scramble the data when it’s presented unless the reader has access to the information.

“All the agencies across the Federal government are prioritizing their high-value assets,” Triplett said.

OPM has 18 places where it will invest in encryption in the future, according to Triplett, who chose not to reveal the specific places on Wednesday. OPM uses encryption on its networks in transit, storage at rest, database at rest, and database in use.

OPM is interested in investing in a system that can contain its computing capabilities, storage, network, and database in one place. OPM sees a minimum of two to three vendors per day.

“It’s tricky on how you deploy it,” Triplett said. “We’ve got to figure out how you bring that as a complete package over.”

Another of OPM’s cybersecurity initiatives is a master map that scans for white spaces and coverage of potential threats. The agency then determines how to prevent, detect, contain, and eradicate the threats in at least three different ways.

“We know it’s probably impossible for us to prevent all threats,” Triplett said.

In this scenario, if OPM can’t prevent the threat, it will move on to the next stages of detection, containment, and eradication.

Triplett’s information technology priorities include risk management, data centers, applications, physical machines, and data, in that order.

In order to manage cybersecurity risks, OPM looks at operational availability and cyber risk.

“You don’t always get the money to fix all those issues,” Triplett said. “Sometimes they creep up on you.”

Triplett said that legacy IT systems are still prevalent at OPM. The Federal government is working to change this trend in order to save money on maintaining old technology. By 2021, Triplett said that getting away from traditional computing will become part of OPM’s agency mission.

“Though we’re highly virtualized, I wouldn’t say we’re optimized,” Triplett said.

Read More About
More Topics
Morgan Lynch
Morgan Lynch
Morgan Lynch is a Staff Reporter for MeriTalk covering Federal IT and K-12 Education.